Our entire existence is gradually going digital. We communicate online, work, study, and sometimes relax, escaping into virtual game worlds. But few people think about how safe the information space is. Information itself was and remains the most important element in the development of mankind. And personal information is perceived as something intimate, even if it is sometimes flaunted in social networks. In an interview with Ivan Vladimirovich Chizhov, we talked about various aspects of information security and discussed the main trends of digitalization.
Ivan Vladimirovich Chizhov, Ph.D. in Physics and Mathematics, Associate Professor at the Department of Information Security, Faculty of Computational Mathematics and Cybernetics, Moscow State University
– What does the concept of information security mean?
– Information security is a multifaceted concept. It defines the activity to ensure certain properties of information related to its security. In this case, we are talking about information presented in many different forms, not only in electronic form. Like any other field related to security, information security has been formed in parallel with the process of accumulation of large volumes of information. Therefore, at a certain point, when information became an important component of human existence and violation of the information features began to lead to negative consequences, the field of information security emerged.
– What features of information are you talking about?
– Today there are three main features. The first is confidentiality. It guarantees that only certain persons have access to the information. The second, no less important property is the property of integrity of information, which protects certain data from illegal changes. If confidentiality is most important for the state, the property of integrity affects ordinary people, just like you and me. Say, if you send a request to a bank to transfer money from your account, and someone intercepts it on the way and changes the destination address, you lose money. So, it is the job of the information security specialist to ensure that the information is not changed illegally.
And finally, the third and final feature is information accessibility. It also applies more to ordinary people. When information becomes a commodity, any kind of information blockage leads to a loss of money. Let's say the blocking of an online store leads to a loss of revenue, which has a negative impact on business.
– What methods are used to ensure the features of information security?
– First, the legal acts. In the field of information security, there is a set of legal acts that are aimed at supporting information protection activities.
Secondly, information security specialists have special technical means at their disposal. For example, in the field of road safety, traffic lights that regulate road traffic are considered technical means. And in the field of information security, there are technical means that ensure the confidentiality of information, its availability and integrity. The next level is organizational measures. If we place traffic lights, but people ignore them and cross the road on a red light, then we cannot talk about any kind of security. The same is true for information security: it is important to have some kind of organizational component and to encourage people to obey some rules.
Today, the most sophisticated area of information security is related to technical security. We are witnessing a revolution in the way we process information. Some 50 years ago, no one thought about cloud storage, messengers, and smartphones. Today, a “smart phone” actually stores all the information about its owner. And often the security features are very peculiar.
– Give an example.
– For example, cryptographic means today are the most scientific in terms of mathematical methods. In general, mathematics is an important component of our faculty at the Moscow State University. And the topic of cryptographic systems is close to me, too.
Today, the so-called homomorphic encryption, which allows you to process encrypted data, is actively developing. To put it simply, the user can perform calculations without decrypting the information, while receiving the result in the encrypted form.
There are interesting developments in information security that are related to privacy. Today, our communication has practically gone electronic. In this regard, there are a lot of new protocols that protect information.
– If we talk about computing and the digital space, who ensures our security in this case?
– Information security specialists within more specific areas. For example, cybersecurity specialists ensure the security of computers and digital information processing. There are specialists who develop means of protection, technical algorithms and various cryptographic mechanisms.
But the main thing is that we should ensure our security ourselves.
– In what way?
– First of all, we should follow simple rules, like “don't walk on the red light.” Obviously, you shouldn't write nasty things about your boss on social media, hoping that no one will find out about it.
But if we speak seriously, you should follow the rules of digital hygiene in the digital space. The simplest thing is not to be lazy to create individual passwords for each account. Certainly, there is no technology or other person that can protect a person who is irresponsible about their security.
Simply put, you should not rely only on the security mechanisms of websites; you should follow a number of rules yourself.
– Today, reports of large-scale user data leaks are becoming more and more frequent. Who is to blame for such events: the specialists who are bad at keeping us safe, or we ourselves?
– Both factors play a role. But in each case, there are completely different reasons. For example, companies that collect data often do not provide an adequate level of data security. But at the same time, people who fall victim to such leaks usually do not follow the basic rules of information hygiene. Let's say, for example, that you created an account on a suspicious service and entered your email password. As soon as this service is hacked, your password becomes known to the intruder, who can use it to access your mail, and therefore other information contained in social networks or banking services. In other words, information security is always a complex issue. It is a coordinated work of many mechanisms, from legal and organizational, to technical means and, of course, to human consciousness.
– If we speak about the key areas of information security in the digital space, which of them are most actively developing?
– Each area is developing actively. I must say that in the digital world, the very means of information processing and generally any protection technology is tied to the technology that works with the information. For example, you can send a message by e-mail or in social networks. Or you can keep a file on your computer, but transfer it using a storage device. These are all digital technologies that use different ways to store, process and transmit information.
Of course, the field of cybersecurity is developing dynamically. The hackers are constantly trying to improve their methods. At the same time, some security systems that were used 20-30 years ago are simply outdated.
It is also interesting that the development of information technology makes it possible to push the development of security systems. Today many people talk a lot about the processing technology of big data. Neural networks are on everyone's lips. They are actively used by Google, Facebook and other IT giants. All of them collect information, which is processed by neural networks. On the one hand, it is necessary to protect the data when processing it in neural networks, but the very neural networks allow you to build protection technology. In this way, the development of technology affects the development of security systems and methods.
By the way, next year the Faculty of Computational Mathematics and Cybernetics will open a master's program at the intersection between computer security and neural network technology. Today there is a need for professionals who understand the specifics of big data and cybersecurity methods. Many companies need protection systems based on big data techniques.
If we return to the question of neural networks, it is worth recalling that a neural network receives input from real users, which basically cannot be depersonalized. Our smartphones collect a gigantic amount of information about us. It all goes to cloud servers, where neural networks process the information. We have a kind of a compromise – the user gets a recommendation system, which suggests movies, music, videos, reminds them to buy tickets and so on based on their preferences, but at the same time the neural networks have access to information about each user at the input. So today, the scientific community is striving to find a method that allows user data to be encrypted all at once. A neural network would still be useful for the user, but it would also maximize user privacy. So far, this field is hindered by technological problems. Of course, secure homomorphic ciphers already exist now. But in order to use them in neural networks, it is necessary to overcome a number of features of these algorithms related to the accumulation of errors when performing homomorphic calculations.
And, of course, it is impossible not to mention the quantum computer. Over the past 10 years, cryptography, as an important component of information security, has changed against the backdrop of the growing potential for building a quantum computer. This is a separate important area of activity, too. Technologies and algorithms underlying post-quantum cryptographic mechanisms have been known for a long time, but only now have they attracted interest from the cryptographic community and the governments of developed countries.
– Many countries around the world, including Russia, are planning to issue digital passports. Passport has always been the most important document for a person. How will its security be ensured in this case?
– The security of electronic passports will be ensured by the cryptographic methods I mentioned. And, actually, we should not be afraid of electronic passports. Firstly, because the passport is issued by the state. Therefore, the state is responsible for it. Governments realize that in case of hacking and data leakage, the state can expect great reputation losses. And, therefore, a lot of research in the field of electronic passports protection is conducted. And, naturally, it is possible to secure an e-passport on your own by following a certain set of measures.
In fact, the electronic passport is practically the same as its paper version, except that the passport protection technology, such as the signature, transfers to the electronic form.
Plus, the passport itself, designed in the form of our usual plastic card, will be provided with additional protection against illegal scanning and attacks of this kind.
– If we talk about the technical component, what technology stores the existing large amounts of data and ensures its security?
– Typically, all data is stored on servers or in cloud storage. Such a “cloud” is a collection of servers and storage systems, which may be fragmented and located at great distances from each other. Typically, large storage systems reside in data centers around the world. Often a person's social networking profile is stored in one place, but the profile of a person's friends list is stored on a rented server in another country. And even the same person's data can be stored in different databases and located physically in different parts of the world. Yet users see a single page. This is achieved by the fact that the data centers are logically connected to each other. This fact obviously complicates the protection of storage technology. Perhaps in the future our data will be stored in encrypted form on servers at least. But that's not the case today. And many companies go to great lengths to preserve their reputations and prevent their users' information from being manipulated by intruders.
– In what areas does your department specialize?
– Our department specializes in a large number of areas. Some of our staff work in cryptography, some study post-quantum cryptography or work with homomorphic encryption and various protocols, and others study problematic issues of information system security. Each of these areas is ahead of its time.
Also, the faculty has specialists who deal with the legal aspects of information security at the level of large companies and the state as a whole. Therefore, we can say that our employees, not only those of the department but of the faculty as a whole, cover all the digital and information aspects that are developing at the forefront of science.
– When it comes to computational technology, is mathematics still the basis of the whole process?
– Mathematics remains and will probably continue to be the basis of computational technology, for sure. After all, mathematics brings one important property: a proof. A proof that something can be considered safe. Obviously, security proofs are often based on certain assumptions that need to be compensated by other means and security measures. But at the same time, the basis of the proof of safety is still a mathematical method.
In addition, the word “algorithm” itself appeared in the field of mathematics. And without mathematical algorithms, the existence of cybersecurity and even more so, of cryptography would be impossible.
On the other hand, the cryptography itself and the field of information security pose new challenges to mathematicians, the solution of which leads to new directions in mathematical science. Today, in fact, mathematics itself is developing ways of mathematical proof of assertions that are extremely important for the field of information security.
One cannot ignore trendy technologies like blockchain. Faculty members of the CMC department are also actively working in this direction. After all, blockchain has a lot to do with security, not just economics. Therefore, the approaches and methods used to build blockchain systems and cryptocurrency models are analyzed by our department's specialists.
Among other things, there is another interesting trend actively developing today, and it is related to digital money. The concept of digital currency has been considered for a long time. But it should not be confused with cryptocurrencies. Recently there has been a strong interest in digital money, especially on the part of states. Perhaps we will soon move to the digital ruble, the digital dollar, and the digital euro.
– How is this different from the regular money we keep on our cards and bank accounts?
– States are considering the possibility of abandoning paper money completely and switching to digital currency. In our country, for example, we are seeing a kind of transitional moment: on the one hand, we can pay for goods and services with a card that holds our money. But on the other hand, we can go to any ATM and withdraw paper money from the account.
That's why we can't talk about the complete replacement of paper money by digital money. Perhaps in the next 10-15 years, there will be some serious progress in the introduction of digital dollars, rubles, euros and so on. The only thing left to do is to pass a few laws and implement the existing protocols that would provide all the necessary functionality of electronic currency.